=?utf-8?Q?=C3=81lvaro?= Herrera <[email protected]> writes:
> I tested this patch here and it seems to behave as intended.
Thanks for looking!
> The deal with system_views.sql is not clear to me. Previously, the
> function underlying each view was in pg_proc.dat and the ACL was tweaked
> in system_views.sql together with the place where the function was used
> to define the view; now it seems the whole of the function (incl its
> ACL) is in pg_proc.dat, and only the view itself is in system_views.sql.
Yeah, as I mentioned upthread, I'm not totally pleased with that.
It seemed to make sense to adjust the permissions of the views and
their underlying functions together. This patch loses that, but
keeps consistency with other built-in functions and promotes
"single source of truth". Is that a good tradeoff? I'm not sure.
I think there's a case to be made for continuing to handle these
specific functions' ACLs as we do now.
> I think this is an OK arrangement, but perhaps there should be a comment
> in system_views.sql about it.
Yeah, that'd be a good thing to do if we keep it like this. Perhaps
more or less
* Some of these views are not meant to be publicly readable. The
* underlying function(s) for such a view should not be publicly
* executable either --- but by default they will be. Don't forget to
* adjust function permissions (in pg_proc.dat) when adding a new view.
regards, tom lane
